Add group modification methods to IResourceAuthorization

author Alessandro Boch <aboch@cisco.com>

Thu, 24 Oct 2013 02:19:39 +0000 (19:19 -0700)

committer Gerrit Code Review <gerrit@opendaylight.org>

Thu, 24 Oct 2013 22:28:30 +0000 (22:28 +0000)
author Alessandro Boch <aboch@cisco.com>
Thu, 24 Oct 2013 02:19:39 +0000 (19:19 -0700)
committer Gerrit Code Review <gerrit@opendaylight.org>
Thu, 24 Oct 2013 22:28:30 +0000 (22:28 +0000)
diff --git a/opendaylight/appauth/pom.xml b/opendaylight/appauth/pom.xml

index fa273b6e92eea0318176415b8b62d9e5b15d3e27..cba2bb89bae3452f85a73a0fc8db7a6416ff2650 100644 (file)
--- a/opendaylight/appauth/pom.xml
+++ b/opendaylight/appauth/pom.xml
@@ -50,7 +50,7 @@
          <dependency>
           <groupId>org.opendaylight.controller</groupId>
             <artifactId>sal</artifactId>
          <dependency>
           <groupId>org.opendaylight.controller</groupId>
             <artifactId>sal</artifactId>
-          <version>0.5.1-SNAPSHOT</version>
+          <version>0.6.0-SNAPSHOT</version>
          </dependency>
          <dependency>
           <groupId>org.opendaylight.controller</groupId>
          </dependency>
          <dependency>
           <groupId>org.opendaylight.controller</groupId>
diff --git a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java

index b872f49130205d239f9ee9bfac647b09eb7a241e..1992f5971120e37a83d3b6698732fecee2a64ee0 100644 (file)
--- a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java
+++ b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java
@@ -144,6 +144,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
              try {
                  toBeAdded.add((T) obj);
              } catch (ClassCastException e) {
              try {
                  toBeAdded.add((T) obj);
              } catch (ClassCastException e) {
+                logger.debug("Attempt to add a resource with invalid type");
                  allAdded = false;
              }
          }
                  allAdded = false;
              }
          }
@@ -152,23 +153,48 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
              new Status(StatusCode.SUCCESS, "One or more resources couldn't be added"));
      }
  
              new Status(StatusCode.SUCCESS, "One or more resources couldn't be added"));
      }
  
-    public Status addResourceToGroup(String groupName, T resource) {
+    @SuppressWarnings("unchecked")
+    @Override
+    public Status addResourceToGroup(String groupName, Object resource) {
          if (groupName == null || groupName.trim().isEmpty()) {
              return new Status(StatusCode.BADREQUEST, "Invalid group name");
          }
  
          if (groupName == null || groupName.trim().isEmpty()) {
              return new Status(StatusCode.BADREQUEST, "Invalid group name");
          }
  
+        if (resource == null) {
+            return new Status(StatusCode.BADREQUEST, "Null resource");
+        }
+
+        T castedResource = null;
+        try {
+            castedResource = (T) resource;
+        } catch (ClassCastException e) {
+            logger.debug("Attempt to add a resource with invalid type");
+            return new Status(StatusCode.BADREQUEST, "Incompatible resource");
+        }
+
          Set<T> group = resourceGroups.get(groupName);
          Set<T> group = resourceGroups.get(groupName);
-        if (group != null && resource != null) {
-            group.add(resource);
-            // Update cluster
-            resourceGroups.put(groupName, group);
-            return new Status(StatusCode.SUCCESS, "Resource added successfully");
+        if (group == null) {
+            return new Status(StatusCode.NOTFOUND, "Group not found");
          }
  
          }
  
-        return new Status(StatusCode.NOTFOUND, "Group not found or incompatible resource");
+        return addResourceToGroupInternal(groupName, castedResource);
+    }
+
+    /*
+     * Method child classes can overload if they need application specific
+     * checks on the resource
+     */
+    protected Status addResourceToGroupInternal(String groupName, T resource) {
+        Set<T> group = resourceGroups.get(groupName);
+        // Update group and cluster
+        group.add(resource);
+        resourceGroups.put(groupName, group);
+
+        return new Status(StatusCode.SUCCESS, "Resource added successfully");
+
      }
  
      }
  
-    public Status removeRoleResourceGroupMapping(String groupName) {
+    private Status removeRoleResourceGroupMapping(String groupName) {
          List<String> affectedRoles = new ArrayList<String>();
          Status result;
          for (Entry<String, Set<ResourceGroup>> pairs : groupsAuthorizations.entrySet()) {
          List<String> affectedRoles = new ArrayList<String>();
          Status result;
          for (Entry<String, Set<ResourceGroup>> pairs : groupsAuthorizations.entrySet()) {
@@ -215,7 +241,8 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
      }
  
  
      }
  
  
-    public Status removeResourceFromGroup(String groupName, T resource) {
+    @Override
+    public Status removeResourceFromGroup(String groupName, Object resource) {
          if (groupName == null || groupName.trim().isEmpty()) {
              return new Status(StatusCode.BADREQUEST, "Invalid group name");
          }
          if (groupName == null || groupName.trim().isEmpty()) {
              return new Status(StatusCode.BADREQUEST, "Invalid group name");
          }
@@ -535,6 +562,24 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
          return roles.containsKey(roleName);
      }
  
          return roles.containsKey(roleName);
      }
  
+    @Override
+    public boolean isApplicationUser(String userName) {
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager == null) {
+            return false;
+        }
+        List<String> roles = userManager.getUserRoles(userName);
+        if (roles != null && !roles.isEmpty()) {
+            for (String role : roles) {
+                if (isApplicationRole(role)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
      @Override
      public AppRoleLevel getApplicationRoleLevel(String roleName) {
          if (roleName == null || roleName.trim().isEmpty()) {
      @Override
      public AppRoleLevel getApplicationRoleLevel(String roleName) {
          if (roleName == null || roleName.trim().isEmpty()) {
diff --git a/opendaylight/commons/opendaylight/pom.xml b/opendaylight/commons/opendaylight/pom.xml

index 6bbb2ac0482ed7bbca96029d72886cdf5810dbfb..f3b2dc34405b4df2f98fbd10e4a612c810d76cae 100644 (file)
--- a/opendaylight/commons/opendaylight/pom.xml
+++ b/opendaylight/commons/opendaylight/pom.xml
@@ -82,7 +82,7 @@
      <containermanager.version>0.5.1-SNAPSHOT</containermanager.version>
      <switchmanager.api.version>0.5.1-SNAPSHOT</switchmanager.api.version>
      <connectionmanager.version>0.1.1-SNAPSHOT</connectionmanager.version>
      <containermanager.version>0.5.1-SNAPSHOT</containermanager.version>
      <switchmanager.api.version>0.5.1-SNAPSHOT</switchmanager.api.version>
      <connectionmanager.version>0.1.1-SNAPSHOT</connectionmanager.version>
-    <sal.version>0.5.1-SNAPSHOT</sal.version>
+    <sal.version>0.6.0-SNAPSHOT</sal.version>
      <sal.networkconfiguration.version>0.0.2-SNAPSHOT</sal.networkconfiguration.version>
      <sal.connection.version>0.1.1-SNAPSHOT</sal.connection.version>
      <networkconfig.bridgedomain.northbound.version>0.0.2-SNAPSHOT</networkconfig.bridgedomain.northbound.version>
      <sal.networkconfiguration.version>0.0.2-SNAPSHOT</sal.networkconfiguration.version>
      <sal.connection.version>0.1.1-SNAPSHOT</sal.connection.version>
      <networkconfig.bridgedomain.northbound.version>0.0.2-SNAPSHOT</networkconfig.bridgedomain.northbound.version>
diff --git a/opendaylight/sal/api/pom.xml b/opendaylight/sal/api/pom.xml

index 1ac4e325aff13894fc02edc43709de0d18d01d28..60e17e264e4d47b1c6505ef5b5aecdf7bee67ffa 100644 (file)
--- a/opendaylight/sal/api/pom.xml
+++ b/opendaylight/sal/api/pom.xml
@@ -16,7 +16,7 @@
    </scm>
  
    <artifactId>sal</artifactId>
    </scm>
  
    <artifactId>sal</artifactId>
-  <version>0.5.1-SNAPSHOT</version>
+  <version>0.6.0-SNAPSHOT</version>
    <packaging>bundle</packaging>
  
    <build>
    <packaging>bundle</packaging>
  
    <build>
diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java

index 088f9da9a86d4d5b0f39530e97657dbefea47007..b7b36fae375aa5dc96444dd1cf7f8a41b878514c 100644 (file)
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java
@@ -27,8 +27,8 @@ public interface IResourceAuthorization {
       *
       * @param role  the role name
       * @param userLevel the user level in the application context
       *
       * @param role  the role name
       * @param userLevel the user level in the application context
-         * @return the status of the request
-         */
+     * @return the status of the request
+     */
      public Status createRole(String role, AppRoleLevel userLevel);
  
      /**
      public Status createRole(String role, AppRoleLevel userLevel);
  
      /**
@@ -192,4 +192,37 @@ public interface IResourceAuthorization {
       */
      public Privilege getResourcePrivilege(String userName, Object resource);
  
       */
      public Privilege getResourcePrivilege(String userName, Object resource);
  
+    /**
+     * Add a resource to a group
+     *
+     * @param groupName
+     *            the resource group
+     * @param resource
+     *            the resource object
+     * @return the status of the request
+     */
+    public Status addResourceToGroup(String groupName, Object resource);
+
+    /**
+     * Remove a resource from a group
+     *
+     * @param groupName
+     *            the resource group
+     * @param resource
+     *            the resource object
+     * @return the status of the request
+     */
+    public Status removeResourceFromGroup(String groupName, Object resource);
+
+    /**
+     * Return whether the specified user has access to this application. In
+     * other words if the user is associated any roles belonging to this
+     * application.
+     *
+     * @param userName
+     *            the user name
+     * @return true if the user has access to this application's resources,
+     *         false otherwise
+     */
+    boolean isApplicationUser(String userName);
  }
  }
author	Alessandro Boch <aboch@cisco.com>
	Thu, 24 Oct 2013 02:19:39 +0000 (19:19 -0700)
committer	Gerrit Code Review <gerrit@opendaylight.org>
	Thu, 24 Oct 2013 22:28:30 +0000 (22:28 +0000)
opendaylight/appauth/pom.xml		patch \| blob \| history
opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java		patch \| blob \| history
opendaylight/commons/opendaylight/pom.xml		patch \| blob \| history
opendaylight/sal/api/pom.xml		patch \| blob \| history
opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java		patch \| blob \| history